Bugtraq mailing list archives

Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II

From: "Jens Knoell" <jens () ing twinwave net>
Date: Tue, 25 Feb 2003 16:50:44 -0700

http-equiv () excite com <http-equiv () malware com> wrote:

[...]
Because it is an html file proper, Internet Explorer opens it. The
scripting inside is then parsed and fired. That scripting is pointing
back to the same executable file with our original codebase object
from the year 2000 and because it is a self-executing html file, it
executes !

Tested IE5.5 and IE6. Fully self-contained harmless *.exe:

http://www.malware.com/html.exe.zip

Be aware of html files out there.

Key Words: Trust it's Worthy so Think it's Tank silly obvious


This does not seem to work for me if done via webserver. It works like a
charm locally, so it might be worthwile adding that this is only useful as
an attached HTML (in an email, for example).

Jens

Current thread:

Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II http-equiv () excite com (Feb 25)
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II Jens Knoell (Feb 26)
- <Possible follow-ups>
- RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II Dike (Feb 26)
  - Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II D'Amato Luigi (Feb 27)